WARNING READ THIS: This page contains incomplete and possibly incorrect info. The page is constantly being edited and worked on. Many of these should work but some may be broken. Read the code carefully to understand what you are doing, stuff may be need to be changed for your own use. These include but are not limited too JAIL AND ROUTER IPs, YOUR FREENAS MAIN VOLUME,THE MOST RECENT RELEASE OF DOWNLOADED FILES. Use at your own risk.
Thanks to the creator of this guide https://forums.freenas.org/index.php?resources/fn11-1-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-ombi-transmission-organizr.58/
Setup Structure
myVol > -media > -series
-movies
-musics
-cloud
-downloads > -complete > -radarr
-sonarr
-lidarr
-apps > -plex
-sonarr
-radarr
-lidarr
-transmission
-jackett
-tautulli
-shinobi
-nextcloud > -config
-db
-themes
-duplicati
I have pool named myVol. I created a dataset named "media" owned by the default freenas user media:media. The dataset contains the folders series,movies,downloads. Radarr, Sonarr, Lidarr, Transmission will need to run as the user media:media to have access to them, this is very important and should not be overlooked. I also have a dataset named "apps" with one folder by appication to hold the config data.
For Sonarr, Radarr, Lidarr, Transmission you will have to change the default user to media:media so the jails can work together properly.
Use the name of your plugin instead of PLUGIN
service PLUGIN onestop
chown -R media:media /usr/local/PLUGIN (this location might be different for some of the apps)
sysrc 'PLUGIN_user=media'
sysrc 'PLUGIN_group=media'
service PLUGIN start
My current setup (dates show the last successful test):
- Plex 04/02/19
- Transmission 04/02/19
- Sonarr V3 04/02/19
- Radarr 12/06/20
- Lidarr 08/22/19 (v0.6.2.883 new dependency : chromaprint)
- Jackett 04/02/19
- Tautulli 03/28/22 (update for Python3.8)
- Organizr V2 07/23/21 (v2.1.306 new dependency php7.4+, new nginx configuration)
- Shinobi (10/03/20)
- Nextcloud + Duplicati (04/11/21)
Configuration:
# Create the jail (through Truenas UI or by command)
iocage create -n "plex" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
# Install Plex and dependencies
iocage exec plex pkg install -y plexmediaserver
# or plexmediaserver-plexpass for PlexPass
# Mount storage
iocage exec plex "mkdir -p /config"
iocage fstab -a plex /mnt/myVol/apps/plex /config nullfs rw 0 0
iocage fstab -a plex /mnt/myVol/media /mnt/media nullfs ro 0 0
# Set permissions
iocage exec plex chown -R plex:plex /config
# Enable service
iocage exec plex sysrc "plexmediaserver_enable=YES"
iocage exec plex sysrc plexmediaserver_support_path="/config"
iocage exec plex service plexmediaserver start
# or for PlexPass
iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES"
iocage exec plex sysrc plexmediaserver_plexpass_support_path="/config"
iocage exec plex service plexmediaserver-plexpass start
iocage create -n "transmission" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
iocage exec transmission pkg install -y transmission
iocage exec transmission mkdir -p /config/transmission-home
iocage exec transmission mkdir -p /mnt/downloads
iocage fstab -a transmission /mnt/myVol/apps/transmission /config nullfs rw 0 0
iocage fstab -a transmission /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0
iocage exec transmission sysrc "transmission_enable=YES"
iocage exec transmission sysrc "transmission_conf_dir=/config/transmission-home"
iocage exec transmission sysrc "transmission_download_dir=/mnt/downloads/complete"
iocage exec transmission "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec transmission "pw groupadd -n media -g 8675309"
iocage exec transmission "pw groupmod media -m transmission"
iocage exec transmission chown -R media:media /config/transmission-home
iocage exec transmission chown -R media:media /mnt/downloads
iocage exec transmission sysrc 'transmission_user=media'
iocage exec transmission service transmission start
# you may need to change the white list in /config/transmission-home/settings.json to 0.0.0.0 or set to your preferred settings
iocage create -n "deluge" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
iocage exec deluge pkg install -y deluge
iocage exec deluge mkdir -p /mnt/config
iocage exec deluge mkdir -p /mnt/downloads
iocage fstab -a deluge /mnt/myVol/apps/deluge /mnt/config nullfs rw 0 0
iocage fstab -a deluge /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0
iocage exec deluge "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec deluge "pw user add deluge -c deluge -d /home/deluge -m -G media -s /usr/bin/nologin"
iocage exec deluge chown -R media:media /mnt/config
iocage exec deluge chown -R media:media /mnt/downloads
iocage exec deluge sysrc "deluged_enable=YES"
iocage exec deluge sysrc "deluged_confdir=/mnt/config"
iocage exec deluge sysrc "deluged_user=deluge"
iocage exec deluge sysrc "deluge_web_enable=YES"
iocage exec deluge sysrc "deluge_web_confdir=/mnt/config"
iocage exec deluge sysrc "deluge_web_user=deluge"
iocage exec deluge service deluged start
iocage exec deluge service deluge_web start
# if you get an error on get_localhost_auth, you may need to add auth manually to /mnt/config/auth file with
# iocage exec deluge echo "localclient:a7bef72a890:10" >> /mnt/config/auth
# default password is "deluge"
09/19/2019 : ATTENTION last version of Sonarr supporting mono 5.10 is v3.0.2.572. Next version need mono 5.16 mini (5.20 atm) While no new ports or pkg of mono will be available on Freebsd stay on v3.0.2.572 or upgrade manually mono (see below Mono 6.8)
iocage create -n "sonarr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
# install pkgs
iocage exec sonarr pkg install -y mono mediainfo sqlite3 curl
# mount storage
iocage exec sonarr mkdir -p /config
iocage exec sonarr mkdir -p /mnt/downloads
iocage exec sonarr mkdir -p /mnt/series
iocage fstab -a sonarr /mnt/myVol/apps/sonarr /config nullfs rw 0 0
iocage fstab -a sonarr /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0
iocage fstab -a sonarr /mnt/myVol/media/series /mnt/series nullfs rw 0 0
# download sonarr
iocage exec sonarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec sonarr "fetch http://services.sonarr.tv/v1/download/phantom/latest?version=3&os=linux -o /usr/local/share"
iocage exec sonarr "tar -xzvf /usr/local/share/Sonarr.phantom.3.0.2.572.linux.tar.gz -C /usr/local/share"
iocage exec sonarr rm /usr/local/share/Sonarr.phantom.3.0.2.572.linux.tar.gz
# Media Permissions
iocage exec sonarr "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec sonarr "pw groupadd -n media -g 8675309"
iocage exec sonarr "pw groupmod media -m sonarr"
iocage exec sonarr chown -R media:media /usr/local/share/Sonarr /config
iocage exec sonarr sysrc 'sonarr_user=media'
# create rc.d
iocage exec sonarr mkdir /usr/local/etc/rc.d
iocage exec sonarr "ee /usr/local/etc/rc.d/sonarr"
# use rc.d below
CLICK TO SHOW SONARR rc.d
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: sonarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# sonarr_enable: Set to YES to enable sonarr
# Default: NO
# sonarr_user: The user account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# sonarr_group: The group account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# sonarr_data_dir: Directory where sonarr configuration
# data is stored.
# Default: /var/db/sonarr
. /etc/rc.subr
name=sonarr
rcvar=${name}_enable
load_rc_config $name
: ${sonarr_enable:="NO"}
: ${sonarr_user:="media"}
: ${sonarr_group:="media"}
: ${sonarr_data_dir:="/config"}
pidfile="${sonarr_data_dir}/${name}.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Sonarr/Sonarr.exe --data=${sonarr_data_dir} --nobrowser"
start_precmd=sonarr_precmd
sonarr_precmd() {
if [ ! -d ${sonarr_data_dir} ]; then
install -d -o ${sonarr_user} -g ${sonarr_group} ${sonarr_data_dir}
fi
export XDG_CONFIG_HOME=${sonarr_data_dir}
}
run_rc_command "$1"
iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr
iocage exec sonarr sysrc "sonarr_enable=YES"
iocage exec sonarr service sonarr start
09/19/2019 : ATTENTION last version of Radarr supporting mono 5.10 is v0.2.0.x. Next version (v3) need mono 5.16 mini (5.20 atm) While no new ports or pkg of mono will be available on Freebsd stay on v0.2.0.x or upgrade manually mono (see below)
iocage create -n "radarr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
# Install pkgs
iocage exec radarr pkg install -y mono mediainfo sqlite3 curl
iocage exec radarr mkdir -p /config
iocage exec radarr mkdir -p /mnt/downloads
iocage exec radarr mkdir -p /mnt/movies
iocage fstab -a radarr /mnt/myVol/apps/radarr /config nullfs rw 0 0
iocage fstab -a radarr /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0
iocage fstab -a radarr /mnt/myVol/media/movies /mnt/movies nullfs rw 0 0
iocage exec radarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/3.0.0.4204/Radarr.master.3.0.0.4204.linux.tar.gz -o /usr/local/share"
iocage exec radarr "tar -xzvf /usr/local/share/Radarr.master.3.0.0.4204.linux.tar.gz -C /usr/local/share"
iocage exec radarr rm /usr/local/share/Radarr.master.3.0.0.4204.linux.tar.gz
# Media Permissions
iocage exec radarr "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin"
iocage exec radarr "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec radarr "pw groupadd -n media -g 8675309"
iocage exec radarr "pw groupmod media -m radarr"
iocage exec radarr chown -R media:media /usr/local/share/Radarr /config
iocage exec radarr mkdir /usr/local/etc/rc.d
iocage exec radarr "ee /usr/local/etc/rc.d/radarr"
CLICK TO SHOW RADARR rc.d
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: radarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# radarr_enable: Set to YES to enable radarr
# Default: NO
# radarr_user: The user account used to run the radarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# radarr_group: The group account used to run the radarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# radarr_data_dir: Directory where radarr configuration
# data is stored.
# Default: /var/db/radarr
. /etc/rc.subr
name=radarr
rcvar=${name}_enable
load_rc_config $name
: ${radarr_enable:="NO"}
: ${radarr_user:="media"}
: ${radarr_group:="media"}
: ${radarr_data_dir:="/config"}
pidfile="${radarr_data_dir}/${name}.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Radarr/Radarr.exe --data=${radarr_data_dir} --nobrowser"
start_precmd=radarr_precmd
radarr_precmd() {
if [ ! -d ${radarr_data_dir} ]; then
install -d -o ${radarr_user} -g ${radarr_group} ${radarr_data_dir}
fi
export XDG_CONFIG_HOME=${radarr_data_dir}
}
run_rc_command "$1"
iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr
iocage exec radarr sysrc "radarr_enable=YES"
iocage exec radarr service radarr start
09/19/2019 : ATTENTION last version of Lidarr supporting mono 5.10 is v0.6.2.883. v0.7 and above need mono 5.16 mini (5.20 atm) While no new ports or pkg of mono will be available on Freebsd stay on v0.6.2.883 or upgrade manually mono (see below)
iocage create -n "lidarr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
# Install pkgs
iocage exec lidarr pkg install -y mono mediainfo sqlite3 curl chromaprint
iocage exec lidarr mkdir -p /config
iocage exec lidarr mkdir -p /mnt/downloads
iocage exec lidarr mkdir -p /mnt/music
iocage fstab -a lidarr /mnt/myVol/apps/lidarr /config nullfs rw 0 0
iocage fstab -a lidarr /mnt/myVol/downloads /mnt/downloads nullfs rw 0 0
iocage fstab -a lidarr /mnt/myVol/media/music /mnt/music nullfs rw 0 0
iocage exec lidarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.6.2.883/Lidarr.develop.0.6.2.883.linux.tar.gz -o /usr/local/share"
iocage exec lidarr "tar -xzvf /usr/local/share/Lidarr.develop.0.6.2.883.linux.tar.gz -C /usr/local/share"
iocage exec lidarr "rm /usr/local/share/Lidarr.develop.0.6.2.883.linux.tar.gz"
iocage exec lidarr "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec lidarr "pw groupadd -n media -g 8675309"
iocage exec lidarr "pw groupmod media -m lidarr"
iocage exec lidarr chown -R media:media /usr/local/share/Lidarr /config
iocage exec lidarr mkdir /usr/local/etc/rc.d
iocage exec lidarr "ee /usr/local/etc/rc.d/lidarr"
CLICK TO SHOW LIDARR rc.d
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: lidarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable lidarr:
# lidarr_enable="YES"
. /etc/rc.subr
name=lidarr
rcvar=${name}_enable
load_rc_config $name
: ${lidarr_enable="NO"}
: ${lidarr_user:="media"}
: ${lidarr_group:="media"}
: ${lidarr_data_dir:="/config"}
pidfile="${lidarr_data_dir}/${name}.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Lidarr/Lidarr.exe -- data=${lidarr_data_dir} --nobrowser"
start_precmd=lidarr_precmd
lidarr_precmd() {
if [ ! -d ${lidarr_data_dir} ]; then
install -d -o ${lidarr_user} -g ${lidarr_group} ${lidarr_data_dir}
fi
export XDG_CONFIG_HOME=${lidarr_data_dir}
}
run_rc_command "$1"
iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr
iocage exec lidarr sysrc "lidarr_enable=YES"
iocage exec lidarr service lidarr start
#Note to self: Make sure port forwarding is disabled before removing or rebuilding this jail
iocage create -n "organizr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
iocage exec organizr pkg install -y nginx git wget php74 php74-curl php74-pdo php74-sqlite3 php74-simplexml php74-zip php74-openssl php74-json php74-session php74-pdo_sqlite php74-filter
iocage exec organizr mkdir -p /config/nginx
iocage fstab -a organizr /mnt/myVol/apps/organizr /config nullfs rw 0 0
iocage console organizr
echo 'listen = /var/run/php-fpm.sock' >> /usr/local/etc/php-fpm.conf
echo 'listen.owner = www' >> /usr/local/etc/php-fpm.conf
echo 'listen.group = www' >> /usr/local/etc/php-fpm.conf
echo 'listen.mode = 0660' >> /usr/local/etc/php-fpm.conf
exit
iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini
iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini
iocage exec organizr git clone -b v2-develop https://github.com/causefx/Organizr /usr/local/www/Organizr
iocage exec organizr chown -R www:www /usr/local/www /config
# Enable autostart and Start service first
iocage exec organizr sysrc nginx_enable=YES
iocage exec organizr sysrc php_fpm_enable=YES
iocage exec organizr service nginx start
iocage exec organizr service php-fpm start
# Create or Replace NGinx Config file
iocage exec organizr ee /config/nginx/nginx.conf
CLICK TO SHOW NGINX.CONF
user www;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root /usr/local/www/Organizr;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
location /api/v2 {
try_files $uri /api/v2/index.php$is_args$args;
}
}
}
# link my existing nginx config, you need to upload your own or edit the existing
iocage exec organizr service nginx stop
iocage exec organizr rm /usr/local/etc/nginx/nginx.conf
iocage exec organizr ln -s /config/nginx/nginx.conf /usr/local/etc/nginx/nginx.conf
iocage exec organizr service nginx start
#important step Navigate to http://JailIP and set the follow the setup database location to "/config/Organizr" and Organizr for the database name. If you have an existing config file in the database location once you complete the setup restart the jail and login with you existing credentials.
#note to self renable port forwarding
I keep folders in /config for nginx,log,letsencrypt,Backups
iocage create -n "jackett" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
iocage exec jackett pkg install -y mono curl
iocage exec jackett mkdir -p /config
iocage fstab -a jackett /mnt/myVol/apps/jackett /config nullfs rw 0 0
iocage exec jackett ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.10.531/Jackett.Binaries.Mono.tar.gz -o /usr/local/share"
iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share"
iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz
iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin"
iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config
iocage exec jackett mkdir /usr/local/etc/rc.d
ee /mnt/myVol/iocage/jails/jackett/root/usr/local/etc/rc.d/jackett
CLICK TO SHOW JACKETT rc.d
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: jackett
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# jackett_enable: Set to YES to enable jackett
# Default: NO
# jackett_user: The user account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# jackett_group: The group account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# jackett_data_dir: Directory where jackett configuration
# data is stored.
# Default: /var/db/jackett
. /etc/rc.subr
name=jackett
rcvar=${name}_enable
load_rc_config $name
: ${jackett_enable:="NO"}
: ${jackett_user:="jackett"}
: ${jackett_group:="jackett"}
: ${jackett_data_dir:="/config"}
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-p ${jackett_data_dir}/jackett.pid -f ${procname} /usr/local/share/Jackett/JackettConsole.exe -d ${jackett_data_dir}"
start_precmd=jackett_precmd
jackett_precmd() {
export USER=${jackett_user}
if [ ! -d ${jackett_data_dir} ]; then
install -d -o ${jackett_user} -g ${jackett_group} ${jackett_data_dir}
fi
export XDG_CONFIG_HOME=${jackett_data_dir}
}
run_rc_command "$1"
iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett
iocage exec jackett sysrc "jackett_enable=YES"
iocage exec jackett service jackett start
iocage create -n "tautulli" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
iocage exec tautulli mkdir -p /config
iocage fstab -a tautulli /mnt/myVol/apps/tautulli /config nullfs rw 0 0
iocage exec tautulli pkg install -y python py38-setuptools py38-sqlite3 py38-openssl py38-pycryptodomex security/ca_root_nss git-lite nano
iocage exec tautulli git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli
iocage exec tautulli "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin"
iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config
iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli
iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli
iocage exec tautulli nano /usr/local/etc/rc.d/tautulli
Add command_interpreter="python" above the command line (line 41). Example:
command_interpreter="python"
command="${tautulli_dir}/Tautulli.py"
command_args="--daemon --pidfile ${tautulli_pid} --quiet --nolaunch ${tautulli_flags}"
iocage exec tautulli sysrc "tautulli_enable=YES"
iocage exec tautulli sysrc "tautulli_flags=--datadir /config"
iocage exec tautulli service tautulli start
If you get error like "bad magic numbers" on start :
iocage console tautulli
cd /usr/local/share/Tautulli/contrib
chown root clean_pyc.sh
chmod u+x clean_pyc.sh
./clean_pyc.sh
Validate with Enter key
chown tautulli clean_pyc.sh
chmod -x clean_pyc.sh
service tautulli start
exit
# Create the jail
iocage create -n "shinobi" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
# Install Shinobi and dependencies
iocage exec shinobi pkg install -y git
iocage exec shinobi git clone https://gitlab.com/Shinobi-Systems/Shinobi.git Shinobi
iocage exec shinobi cd Shinobi
iocage exec shinobi chmod +x INSTALL/freenas.csh && INSTALL/freenas.csh
# Mount storage
iocage exec shinobi "mkdir -p /config"
iocage fstab -a shinobi /mnt/myVol/apps/shinobi /config nullfs rw 0 0
# Create "mysql" user
Username: mysql
Full Name: MySQL User
User ID: 88
New Primary Group: Checked
Enable Password login: No
# Create zfs dataset
In apps/nextcloud, create 3 datasets
1)
Name: db
Compression Level: lz4
Enable atime: Off
Permissions : mysql/mysql
2)
Name: config
Compression Level: lz4
Enable atime: On
Permissions : www/www
3)
Name: themes
Compression Level: lz4
Enable atime: On
Permissions : www/www
# Create the jail
iocage create -n "nextcloud" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"
iocage start nextcloud
# Mount storage
iocage exec nextcloud "mkdir -p /mnt/data"
iocage exec nextcloud "mkdir -p /var/db/mysql"
iocage exec nextcloud "mkdir -p /usr/local/www/nextcloud/config"
iocage exec nextcloud "mkdir -p /usr/local/www/nextcloud/themes"
iocage fstab -a nextcloud /mnt/myVol/media/cloud /mnt/data nullfs rw 0 0
iocage fstab -a nextcloud /mnt/myVol/apps/nextcloud/db /var/db/mysql nullfs rw 0 0
iocage fstab -a nextcloud /mnt/myVol/apps/nextcloud/config /usr/local/www/nextcloud/config nullfs rw 0 0
iocage fstab -a nextcloud /mnt/myVol/apps/nextcloud/themes /usr/local/www/nextcloud/themes nullfs rw 0 0
# Enable ZFS Cache for db dataset
zfs set primarycache=metadata myVol/apps/nextcloud/db
# Enter to jail console
iocage console nextcloud
# Install dependencies
pkg update
pkg install -y nano wget ca_root_nss apache24 mariadb105-server redis php74 php74-bz2 php74-ctype php74-curl php74-dom php74-exif php74-fileinfo php74-filter php74-gd php74-iconv php74-intl php74-json php74-ldap php74-mbstring php74-opcache php74-openssl php74-pdo php74-pdo_mysql php74-pecl-APCu php74-pecl-imagick php74-pecl-redis php74-posix php74-session php74-simplexml php74-xml php74-xmlreader php74-xmlwriter php74-xsl php74-zip php74-zlib php74-bcmath php74-gmp
# Install Nextcloud
cd /tmp
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha512
# Check integrity of downloaded file
shasum -a 512 -c latest.tar.bz2.sha512
# MUST say OK, else redownload files
tar -xf latest.tar.bz2 -C /usr/local/www
rm latest.tar.bz2
rm latest.tar.bz2.sha512
chown -R www:www /usr/local/www/nextcloud /mnt/data
# Edit MariaDB (mysql) config file
nano /usr/local/etc/mysql/my.cnf
# In file find
# socket = /var/run/mysql/mysql.sock
# Change to
# socket = /tmp/mysql.sock
# Save the file (Ctrl+X > Y > Enter)
# Start MariaDB and install for first run
service mysql-server start
mysql_secure_installation --socket=/tmp/mysql.sock
# Provide the following answers to the prompts:
# Enter current password for root (enter for none):
# Switch to unix_socket authentication [Y/n] y
# Set root password? [Y/n] y
# New password: Enter a new password of your choice (don’t forget it!)
# Re-enter new password:
# Remove anonymous users? [Y/n] y
# Disallow root login remotely? [Y/n] y
# Remove test database and access to it? [Y/n] y
# Reload privilege tables now? [Y/n] y
# Login to database to create Nextcloud Database and User
mysql -u root -p
# Enter password previously configured
# In database prompt enter following commands
CREATE DATABASE nextcloud;
# Change "nextcloud_admin-password-here" to new password for "nextcloud_admin" database user (different of root password)
CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY 'nextcloud_admin-password-here';
GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost';
FLUSH PRIVILEGES;
exit
# Check new user is ok by login to
mysql -u nextcloud_admin -p
# Enter password previously configured ("nextcloud_admin-password-here")
# if OK (go to SQL prompt >)
exit
# Start services to configure them
service apache24 start
service php-fpm start
# Configure Apache
nano /usr/local/etc/apache24/httpd.conf
# Uncomment lines (in nano search with Ctrl+W)
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
# Change the following two lines
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
# To
DocumentRoot "/usr/local/www/nextcloud"
<Directory "/usr/local/www/nextcloud">
# Change the following line
AllowOverride none
# To
AllowOverride all
# Change ServerName directive to
ServerName JAIL_IP:80
# Save and exit (Ctrl+X > Y > Enter)
# Configure Apache VirtualHost for Nextcloud
nano /usr/local/etc/apache24/Includes/nextcloud.conf
# Add the following content to the file:
<VirtualHost *:80>
DocumentRoot "/usr/local/www/nextcloud"
ServerName JAIL_IP
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000/"
</FilesMatch>
DirectoryIndex /index.php index.php
</VirtualHost>
# Restart Apache
service apache restart
# Configure PHP
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
nano /usr/local/etc/php.ini
# Uncomment (by removing ; in front of line) and configure
cgi.fix_pathinfo=1
date.timezone=Europe/Paris
# See http://php.net/manual/en/timezones.php to select the right timezone
post_max_size = 1999M
upload_max_filesize = 1999M
memory_limit = 512M
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=60
# Save and exit (Ctrl+X > Y > Enter)
# Enable APCu Cache system
nano /usr/local/etc/php/ext-20-apcu.ini
# Add following lines :
apc.enabled=1
apc.enable_cli=1
# Save and exit (Ctrl+X > Y > Enter)
# Restart services
service php-fpm restart && service apache24 restart
# Now navigate to Nextcloud : JAIL_IP
# Set up your admin account with a username and password you choose, then populate the fields as follows:
Data folder = /mnt/data
Database user = nextcloud_admin
Database password = nextcloud_admin-password_here (nextcloud_admin user password configured before)
Database name = nextcloud
Database host = localhost:/tmp/mysql.sock
service redis start
# Configure Redis
nano /usr/local/etc/redis.conf
# Uncomment (remove "#" in front of line) and change following parameters
port 0
unixsocket /var/run/redis/redis.sock
unixsocketperm 770
bind 127.0.0.1
# Save and exit (Ctrl+X > Y > Enter)
# Add 'www' user to redis group
pw usermod www -G redis
# Restart redis service to apply modification
service redis restart
# Configure Redis on Nextcloud
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/var/run/redis/redis.sock"'
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer'
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"'
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"'
# Restart Apache
service apache24 restart
# Configure CRON jobs
setenv EDITOR nano
crontab -u www -e
# Add the following (assuming it’s blank, if not just add the job). The crontab header describes what each field in the cronjob represents, and is courtesy of squarism.
# minute (0-59),
# | hour (0-23),
# | | day of the month (1-31),
# | | | month of the year (1-12),
# | | | | day of the week (0-6 with 0=Sunday).
# | | | | | commands
*/15 * * * * /usr/local/bin/php --define apc.enable_cli=1 -f /usr/local/www/nextcloud/cron.php
# Save and Exit (Ctrl + X)
# Test cronjob
su -m www -c '/usr/local/bin/php --define apc.enable_cli=1 -f /usr/local/www/nextcloud/cron.php'
# Install all services autostart
sysrc apache24_enable=yes
sysrc mysql_enable=yes
sysrc redis_enable=yes
sysrc php_fpm_enable=yes
# Exit console and restart Jail
exit
iocage restart nextcloud
https://www.truenas.com/community/resources/duplicati-running-in-an-iocage.98/
iocage exec nextcloud pkg install -y mono py27-sqlite3 curl ca_root_nss
mkdir /mnt/Volume1/apps/duplicati
iocage fstab -a nextcloud /mnt/Volume1/apps/duplicati /mnt/duplicati_config nullfs rw 0 0
iocage exec nextcloud ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec nextcloud mkdir /usr/local/share/duplicati
iocage exec nextcloud fetch https://github.com/duplicati/duplicati/releases/download/v2.0.6.1-2.0.6.1_beta_2021-05-03/duplicati-2.0.6.1_beta_2021-05-03.zip -o /usr/local/share/duplicati
iocage exec nextcloud unzip /usr/local/share/duplicati/duplicati-2.0.6.1_beta_2021-05-03.zip
iocage exec nextcloud rm /usr/local/share/duplicati/duplicati-2.0.6.1_beta_2021-05-03.zip
iocage exec nextcloud "pw user add duplicati -c duplicati -u 818 -d /nonexistent -s /usr/bin/nologin"
iocage exec nextcloud chown -R duplicati:duplicati /usr/local/share/duplicati /mnt/duplicati_config
iocage exec nextcloud pw groupmod www -m duplicati
iocage exec nextcloud mkdir /usr/local/etc/rc.d
ee /mnt/myVol/iocage/jails/nextcloud/root/usr/local/etc/rc.d/duplicati
CLICK TO SHOW DUPLICATI rc.d
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: duplicati
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# duplicati_enable: Set to YES to enable duplicati
# Default: NO
# duplicati_user: The user account used to run the duplicati daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# duplicati_group: The group account used to run the duplicati daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# duplicati_data_dir: Directory where duplicati configuration
# data is stored.
# Default: /var/db/duplicati
. /etc/rc.subr
name=duplicati
rcvar=${name}_enable
load_rc_config $name
: ${duplicati_enable:="NO"}
: ${duplicati_user:="duplicati"}
: ${duplicati_group:="duplicati"}
: ${duplicati_data_dir:="/mnt/duplicati_config"}
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-p ${duplicati_data_dir}/duplicati.pid -f ${procname} /usr/local/share/duplicati/Duplicati.Server.exe --webservice-port=8200 --webservice-interface=any -d ${duplicati_data_dir}"
start_precmd=duplicati_precmd
duplicati_precmd() {
export USER=${duplicati_user}
if [ ! -d ${duplicati_data_dir} ]; then
install -d -o ${duplicati_user} -g ${duplicati_group} ${duplicati_data_dir}
fi
export XDG_CONFIG_HOME=${duplicati_data_dir}
}
run_rc_command "$1"
iocage exec nextcloud chmod u+x /usr/local/etc/rc.d/duplicati
iocage exec nextcloud sysrc "duplicati_enable=YES"
iocage exec nextcloud service duplicati start
Go to http://IP_JAIL:8200 and use default password "duplicati" on first login and change it
Instruction from issue here : https://www.truenas.com/community/threads/fn11-3-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-transmission-organizr.55502/page-46
iocage console <jail>
pkg update
pkg upgrade
pkg install -y wget libiconv
wget https://github.com/jailmanager/jailmanager.github.io/releases/download/v0.0.1/mono-6.8.0.105.txz
pkg install -y mono-6.8.0.105.txz
rm mono-6.8.0.105.txz
iocage console <jail>
mkdir -p /usr/local/etc/pkg/repos
echo -e 'FreeBSD: { url: \"pkg+http://pkg.FreeBSD.org/\${ABI}/latest\" }' > /usr/local/etc/pkg/repos/FreeBSD.conf
Important files
Backup your entire apps folder
https://www-uxsup.csx.cam.ac.uk/pub/doc/suse/suse9.0/userguide-9.0/ch24s04.html
cd /directorypath : Change to directory.
chmod [options] mode filename : Change a file’s permissions.
chown [options] filename : Change who owns a file.
cp [options] :source destination : Copy files and directories.
ln -s test symlink : Creates a symbolic link named symlink that points to the file test
mkdir [options] directory : Create a new directory.
mv -i myfile yourfile : Move the file from "myfile" to "yourfile". This effectively changes the name of "myfile" to "yourfile".
mv -i /data/myfile : Move the file from "myfile" from the directory "/data" to the current working directory.
rm [options] directory : Remove (delete) file(s) and/or directories.
tar [options] filename : Store and extract files from a tarfile (.tar) or tarball (.tar.gz or .tgz).
touch filename : Create an empty file with the specified name.
iocage exec <jail> pkg version : to see current and available version of installed package
iocage exec <jail> pkg upgrade <name of service> : upgrade to latest version of package
iocage exec <jail> pkg update && pkg upgrade : update sources list and upgrade all installed packages
iocage exec <jail> service <name of service> start
iocage exec <jail> service <name of service> restart
iocage exec <jail> service <name of service> stop
To go to jail's shell from main shell
iocage console <jail>
Get latest FreeBSD iocage version
iocage fetch -r LATEST
Upgrading FreeBSD release version of a Jail
iocage upgrade -r <RELEASE VERSION> <jail>
If upgrading since previous major version (from 11 to 12 for exemple) run this command after upgrade
iocage exec <jail> pkg-static install -f pkg
iocage exec <jail> pkg upgrade -y
If you are stuck with (END) line in the process, type 'q' (enough time to continue process)
| SERVICE | PORT | USER (UID) |
|---|---|---|
| mysql | mysql (88) | |
| radarr | 7878 | radarr (352) |
| sonarr | 8989 | |
| lidarr | 8686 | |
| jackett | 9117 | jackett (818) |
| organizr | 80 | organizr (www) |
| plexmediaserver | 32400 | plex (972) |
| transmission | 9091 | transmission (921) |
| tautulli | 8181 | tautulli (109) |
| syncthing | 8384 | syncthing (983) |
| deluge | 8112 | deluge |
| duplicati | 8200 | duplicati (818) |